Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 07-26-2013, 05:51 PM   #1
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
[Slackware-security] GnuPG flush+reload attack (lather+rinse+repeat)

This side-channel vulnerability has been assigned CVE-2013-4242 and affects gnupg 1.4.x (fixed
in 1.4.14) and gnupg 2.0.x via libgcrypt (fixed in libgcrypt 1.5.3).

The purpose of this message is two-fold. On the one hand, I wanted to give Pat a heads up
about the security releases though the urgency is somewhat limited given the complexity of
the attack. That said, GnuPG's reason for being is security so any vulnerability is worth
taking seriously.

I also want to share a very interesting paper describing the attack for those who enjoy
reading this kind of material.

One thing which stood out as I read it was the incredible efficacy of the attack. With only a
single signing/encryption round, over 98% of the bits of an RSA private key could be recovered.


Last edited by mancha; 07-26-2013 at 05:56 PM.
Old 08-23-2013, 09:54 AM   #2
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
[slackware-security] gnupg / libgcrypt (SSA:2013-215-01)

New gnupg and libgcrypt packages are available for Slackware 12.1, 12.2, 13.0,
13.1, 13.37, 14.0, and -current to fix a security issue. New libgpg-error
packages are also available for Slackware 13.1 and older as the supplied
version wasn't new enough to compile the fixed version of libgcrypt.
Tagging this solved.


gnupg, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
99% cpu usage due to flush-8:0 & flush-8:16 propofol Debian 4 09-09-2011 04:03 PM
LXer: Digital security with GnuPG plugins LXer Syndicated Linux News 0 09-14-2007 02:41 PM
GnuPG - best permissions & security of decrypted file - help please emuub Linux - Security 1 10-14-2005 06:28 PM
how to reload sbp2 module /Flush terminal command cache Lakota Mandriva 1 12-07-2004 03:08 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:59 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration